Security news round up: Microsoft investigates new zero-day plus more

Microsoft says Office 2000 and Office XP could be affected. Also, Cisco patches firewall flaws that could be exploited to bypass security restrictions or cause a denial of service.

Just a day after patching a variety of flaws in Word, Microsoft found itself dealing with yet another zero-day flaw in the application.

The software giant said in an advisory that it's investigating new reports of "very limited, targeted attacks" against a zero-day flaw in versions of Word included in Microsoft Office 2000 and Microsoft Office XP. In order for an exploit to be successful, Microsoft noted that a user must first open a malicious Office file provided by an attacker, likely via email.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers," the company said in its advisory. "This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

The French Security Incident Response Team (FrSIRT) said in an advisory that the critical problem is a memory corruption error in how malformed documents are handled. Attackers could exploit this, FrSIRT said, to "execute arbitrary commands by tricking a user into opening a specially crafted Word document."

Microsoft said users should practice "extreme caution" when opening unsolicited attachments from both known and unknown sources. The company has also updated its Windows Live OneCare scanner to catch malware attempting to exploit the flaw.

Cisco fixes firewall flaws
Cisco Systems Inc. has patched a number of flaws in its Firewall Services Module (FWSM), PIX 500 Series Security Appliances and 5500 Series Adaptive Security Appliances.

The networking giant said in an advisory that the FWSM vulnerabilities are rooted in how the program processes certain forms of HTTP, HTTPS, SIP and SNMP traffic.

"If verbose logging is enabled for debugging purposes, a vulnerability exists when the FWSM processes packets destined to itself," Cisco said. "All of these vulnerabilities may result in a reload of the device."

Similar vulnerabilities affect the PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, Cisco said.

Danish vulnerability clearinghouse Secunia said in an advisory that attackers could also exploit the moderately critical flaws to bypass certain security restrictions.

Read more on Antivirus, firewall and IDS products